CMP

Table of Contents

1. CMP（cmp）
   1. Basic Function
   2. Instruction Execution Process
   3. Instruction Format
   4. Behavioral Characteristics
   5. Common Uses

CMP（cmp）

Basic Function

CMP is used to compare the sizes of two operands, but it does not store the result. Instead, it only updates EFLAGS based on the comparison result.
Its core behavior is equivalent to performing a virtual subtraction once: op1 - op2。

Instruction Execution Process

The following actions are performed during execution:

1. Compute op1 - op2 (result not written back)

2. Update the flags based on the result: ZF, SF, OF, CF, PF

Instruction Format

cmp r/m32, r32 cmp r/m64, r64 cmp r/m32, imm32 cmp r/m64, imm32

Behavioral Characteristics

• Does not modify either operand

• Only updates EFLAGS

• Often used together with conditional jumps (je/jne/jg/jl, etc.)

• Key flags:

  • ZF = 1 → the two are equal

  • SF/OF/CF are used to determine magnitude, sign, and overflow conditions

Common Uses

• Conditional checks

• Loop termination checks

• Branch logic control

• Used in reverse engineering to infer variable relationships

• Used in PWN to determine key branch points in function logic